Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-12498

softhsm implements AES_KEY_WRAP_KWP but calls it AES_KEY_WRAP_PAD

Linking RHIVOS CVEs to...Migration: Automation ...Sync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • CentOS Stream 9
    • softhsm
    • None
    • None
    • rhel-idm-ipa
    • ssg_idm
    • 1
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • RHEL JIRAS rhel-idm-ipa
    • None
    • None
    • All
    • None

      What were you trying to do that didn't work?

      Use the mechanism AES_KEY_WRAP_KWP (RFC5649)

      Please provide the package NVR for which bug is seen:

      softhsm-2.6.1-7.el9.2.x86_64

      How reproducible:

      Always

      Steps to reproduce

      1. Create HSM session AES key  (for blob wrapping)
      2. Encrypt a blob(PKCS8 DER data) with session key (PKCS8 key)
      3. C_UnwrapKey() the ciphered data to import a private key to the HSM

      Expected results

      Private key can be unwrapped and persisted to the HSM

      Actual results

      AES_KEY_WRAP_KWP is an invalid mechanism

       

      Reported to upstream as: https://github.com/opendnssec/SoftHSMv2/issues/726

              abokovoy@redhat.com Alexander Bokovoy
              beaver6675 Richard Chan (Inactive)
              Alexander Bokovoy Alexander Bokovoy
              Sudhir Menon Sudhir Menon
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: